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. © A method of controlling the use of computer programs. 

© The copy protection of personal computer (PC) software 
distributed on diskettes is assisted by providing a unique 
identification (ID) stored in rea d only memory (ROM) o f a 
personal computer in which software on a diskette is to be 
used. Th is ID is a cc essible to the use r of the computer. A 
vendor whTwlslieTttrpfotect his diskette-distributed software 
from illegal copying or use provides a source ID on the diske tte. 
The personal computer ID is used with the source ID on the 
distributed diskette to produce an encoded check word, u sing 

(any available encryption modalrtyTTKe'CTfetfTword is generated 
and whtteTTomo^e^ a?^ during installat ion and 

copied on to all backup versions mad e bv the userVpargonal 
computer. Prior to each use of the program, the software on the 
; diskette uses the personal computer and the source IDs and 
I check word to verify that the software is being used on the 
\same personal computer on which it was installed. 
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METHOD OF CONTROLLING THE USE OF COMPUTER PROGRAMS 

software has originally been installed V 'aenWied oomput.ng system as the one on which the 

.deals of personal property and fair play. Elaborat^ies S f ^ com ™r,ly-acknowledged 

software from diskettes. These efforts «TSSo£^„^^ hrtC ^ 10 P^ent illegal copying of 

SSS but - « i= - - p ^^ 

personal computing software, addttonal effect ^ «*«* market in Blegal 

The term copy protection includes a bo^SS^^^T^ m, ^ m ^ nM ^ 
copymg. These are known and widely rS^^TSSiZS^ deteCti ° n ^ prevention of ■•0* 
whose locations are randomly «« W n^^^JS^^^ m ^ on ""to software of artifaSs 
only be reproduced under the original combwT r*~» A aily placed ^ a diskette, and which can 

obliterated; their absence is dST^ 

Program. r P roc ess in the software which reacts by altering the software 

~ss£ as? r^r^r^r • ~»« - - — 

Receipts in Trap Door Knapsacks'- 'New Dirert^K^ entitled "Hiding Information and 

MAT.ONTHEORY, Volume rT-22 No. 6 7^2^^S!T3S£% ^ cm jEEETOANSACTIONROMiKicnn 
Authent.cation With Insecure Communicator? - rnMMn^ T ,l t k a, - : ^ ,he article entitled "Password 
November 1981. by Lamport II COMMUNICATI °NSOFTHEACM Volume 24 nTYi 

public-key encryption. P " understood rnif^-.od.t.cat.ons of enoyption are availabte] including 

X^T^rr^SZ^ disXr St ° ra9e ™**" - — «" «* Patent 
characteristics of the possessor o7a "credit «n?" ^S^T * referenced t0 the P«o3 

of the password with a non-secret reference ffJJ ftSSSKlJ ^T^' 00 ° f ,he Oration 
The result of the encryption is placed on the credit IS « t ted by the secret one 8 ^ P^r. 

or conducting a transaction. She tSSSSSST?lS!SS?£ ""H?" h Presented to 8 

terminal and comparison of the decrypt)! T2^S^Jt^^ ° f *" concat ^ated words in the 
non-secret reference text which is avatebfetoTe 2ZaUn the J^li^"^ en,ered by the user and the 
of encryption simply to gain entree to a system ttroS^^^^ example ' one appreciates the use 

"Pigmented bythe^™^^^ .™inSS, / ^^ rtecl ^ i5WM ^ a «•«*S 
exeeunng the software. When the software fe^Hah!H!rt ^^j-^ on (CPUIO) to each CPU capable erf 
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installed in the personal computer wherein the identified CPU is located. The product of the encryption is a 
check number placed on the diskette and used to qualify a check number generated by the encryption 
modality each time the software is executed or copied. If execution or copying is attempted through a CPU 
different from the one on which the software was originally installed, the check number placed on the diskette 
at installation will, in all likelihood, not match that produced by the encryption modality in response to the SID 5 
on the diskette and the Identification of the other CPU. If the check number generated does not match the 
stored one f an evasion process is invoked which prevents user copying of the software on the unauthorized 
machine. 

The invention is expressed as a method of controlling the use and replication of diskette software contents 
and the like on unauthorized diskette-driven computing systems. The method includes placing a first 10 
identification (ID) code in a preselected computing system and then associating a second identification (ID) 
code with a source of programming software for the computing system. Next, the second ID code is placed on 
a diskette having a program obtained from the programming source. A first check number is derived through 
encryption of one of the identification codes by the other of the identification codes, and the check number is 
placed on the diskette. Thereafter, upon access of the diskette by any computing system, a second check 15 
number is derived through the encryption based upon the second identification code on the diskette and an 
identification code in the accessing computing system and the second check number is compared with the 
first check number. If the two check numbers are identical, execution or copying of the software proceeds. 
This method contemplates the provision of execution evasion and copy protect features embedded in the 
software on the diskette and bypassing the features in the event that the two check numbers match. 20 

The invention is expressed also as a system for authorizing the use or replication of diskette software 
contents on selected computing systems, the system including a diskette containing a software program, a 
source identification (SID) code on the diskette associated with and identifying the source of the software, and 
a computing system for receiving the diskette and including at least one CPU having an embedded CPU 
identification (CPUID) code associated with and identifying that CPU. A programming modality is provided in 25 
the software which is executable on the CPU and which generates a check number through encryption of one 
of the ID codes by the other of the ID codes and uses the check number to prevent the execution or copying of 
the software on a CPU other than the identified one. 

The system affords site licensing of the software on the diskette by including a check storage area on the 
diskette for receiving a plurality of check numbers, each generated by the programming modality in response 30 
to the SID and a CPUID from a respective one of a plurality of authorized CPUs operating in the computer 
system. The site licensing embodiment also includes provision in the programming modality for using the 
check numbers in the check storage area to prevent execution or copying of the software by an unauthorized 
CPU. 

According to the invention, there is provided a method of controlling the use and replication of diskette 35 
software contents and the like on unauthorized diskette-driven computing systems, said method comprising 
the steps of: 

placing a first ID code in a preselected computing system; 

associating a second ID code with a source of programming software for said computing system; 40 
placing said second ID number on a diskette bearing a program obtained from said source, said program 
including an execution non-compliance feature; 

deriving a first check number through encryption of one of said ID numbers by the other of said ID numbers; 
placing said check number on said diskette; and ... 
upon access of said diskette by any computing system, deriving a second check number through said 45 
encryption based upon said second ID number on said diskette and an ID number in said accessing computing 
system, comparing said second with said first check number, and bypassing the non-compliance feature in the 
event of a match. 

In order that the invention may be fully understood, a preferred embodiment thereof will now be described 
with reference to the accompanying drawings in which : $q 

Figure 1 illustrates the components of the invention in their application context. 

Figure 2 illustrates in greater detail the interconnection of a personal computer with a disk driver in 
which is inserted a disk configured for practicing the invention. 

Figure 3 is a flow diagram illustrating the practice of the method of the invention during the initial 
installation routine contained in the software of the diskette of Figures 1 and 2. 55 

Figure 4 is a flow diagram illustrating the method of the invention practiced during a legal execution of 
software installed according to Figure 3. 

Figure 5 is a flow diagram fragment illustrating the method of the invention during copying of the 
diskette of Figures 1 and 2. 

Figure 6 is a representation of a CPUID. go 

Figure 7 illustrates an alternative embodiment of the invention. 
Giving reference to Figure 1, a description of the environment in which the invention is to be utilized is now 
presented. The invention is executable upon a combination including a personal computer (PC) 10 and a 
magnetic disk ("diskette") 12. The personal computer can be from any vendor, for example, it can comprise 
one selected from any of the PC series available from International Business Machines Corporation, Armonk, 65 
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further asserted that the CPUID is located in a standard location whose address is the same from one personal 
computer to the next. Last, the address of the CPUID 36 Is known to the ENCRYPT module 32. It is 
contemplated thai the CPUID would be generated, placed in ROM, and installed in the PC 10 by the 
manufacturer of the PC. 

As specified, the ENCRYPT module 32 is a process automatically called by the INSTALL and INrnALIZE 5 
modules during their executions. Figure 2 symbolically illustrates the ENCRYPT module 32 being performed by 
the CPU 14. When executed, the ENCRYPT module obtains the CPUID 36 from its addressable location in the 
PC 10 and obtains the SID 28 from its addressable location on the diskette 12. When obtaining the CPUID, the 
ENCRYPT module employs a conventional validity checking modality to ascertain whether the CPUID meets 
the pre-established validity requirements. In the discussion following, It is presumed that the CPUID is valid; if 10 
not, the evasion and/or protection features described below can be implemented. The SID 28 is obtained by a 
standard READ function in the PC 10. The CPUID 36 and SID 28 are subjected to the encryption algorithm 
embodied in the ENCRYPT module 32 to produce a check number, or code (CHK). If the ENCRYPT module 32 
is called by the INSTALL module 21 , the positive exit is taken from the decision 40 and the WRITE function 42 is 
called to write CHK into the first available spot In the CHKSTOR sector 30 of the disk 12. In Figure 2, a check is 
number is entered in location 44 of CHKSTOR 30. Alternatively, if the ENCRYPT module 32 is called by the 
INITIALIZE routine 22, the READ function 38 is invoked to obtain CHK from location 44 on the disk 12 whence It 
is provided to a COMPARE function 46 embedded in the ENCRYPT module 32. In addition, the check number 
generated by the ENGRYPT module 32. instead of being written to CHKSTOR on the diskette 12, is also 
provided to the COMPARE function 46. The COMPARE function 46 is a conventional procedure used to 20 
determine whether the check number generated by the ENCRYPT module 32 is identical with CHK 44. If the 
output of the ENCRYPT function 32 does not compare with the check number 44, the output of the COMPARE 
function 46 indicates such a disparity and is used to invoke the COPY PROTECT module 26 or an EVASION 
step built into the INSTALL and INITIALIZE modules. 

Referring now to Figures 3-5 and Tables Mil, the operation of the invention and its method embodiment will 25 
be explained. The method is executable during the three major phases of software operation listed in Table I. 
Thus, the method is invoked by the INSTALL module 21 when the diskette 12 is loaded into the PC 10 for 
establishing or changing global operating parameters of the PC. The method is also operated whenever the 
diskette 12 is inserted into the disk driver 18 for execution of the APPLICATION module 24 or whenever the 
diskette 12 is inserted into the disk driver 18 for the purpose of copying the software 20 to another diskette 30 
through invocation of the COPY command of the PC 10. 
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TABLE I 
INSTALL 

EXECUTE APPLICATION 
COPY 



TABLE II 
INSTALL PROCEDURE 
DO INSTALL 



DO ENCRYPT 

IF CHKSTOR NOT INITIALLED, 
THEN, WRITE CHK TO CHKSTOR 
GO TO CONTINUE INSTALL 
ELSE 

IF MCF ™> CHKSTOR IS NOT FULL, 
THEN, 

IF CHK A CHK IN CHKSTOR 

GO TO CONTINUE INSTALL 

ELSE 

WRITE CHK IN CHKSTOR 
GO TO CONTINUE INSTALL 
END 
ELSE, 
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IF CHKSTOR IS FULL 
THEN, 

EVADE EXECUTION 
ELSE, 

IF CHK DOES NOT EQUAL CHK 

IN CHKSTOR 

THEN 

EVADE EXECUTION" 
ELSE 

GO TO CONTINUE INSTALL 
END 

CONTINUE INSTALL 
END 



TABLE III 

EXECUTE APPLICATION 

DO INITIALIZE 

DO ENCRYPT 

IF CHK DOES NOT EQUAL CHK, 
THEN, EVADE EXECUTING 
ELSE CONTINUE INITIALIZE 

END 

CALL APPLICATION 
END 
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u 5 * secure 'dentification (CCPUID). Thus, in Figure 7, the command post computer 50 has 

embedded in rt the secure CCPUID 52 and stores a secure list of field CPUIDs 54. A public-key encryption 
modality 56 encrypts the CCPUID with a selected FCPUID to generate a check number CHKNO which is placed 
on a diskette 58 at position 59. In addition, orders in encrypted form are written to the diskette 58 usino the 
public-key process, and the diskette is then carried to a tactical field post having a field CPU 70 s 

The diskette 58 is plugged into the field CPU 70, where a routine similar to the INITIALIZE routine of Figure 4 
Is performed. In this routine, installation of the diskette 58 in the CPU 70 invokes a pubiic-key decryption 
process 72 which is the inverse of the encryption process 53. The decryption process 72 can be included in the 
software on the diskette 58. The FCPUID 74 of the field CPU 70 and a public-key 76, which is known to the 
operator of the CPU 70, are fed to the decryption process which operates conventionally to decrypt the orders 10 
in encrypted form on the diskette 58. W the FCPUID of the CPU 70 matches the FCPUID used to encrypt the 
orders on the diskette 58. the decryption process will produce a clear text of the command post orders 
Otherwise, either no action is taken to decrypt the software, or protective action to destroy or alter the 
software is undertaken. In this manner, orders can be transmitted using a relatively simple and straightforward 
scheme to protect the orders by a first level of encryption in which a known password or key and a secret is 
password (the FCPUID) are provided to unlock access to the orders only in the event that the recipient of the 
physical embodiment of the orders (the diskette) can generate a key or password identical with the one on the 
diskette. 

It should be evident that the embodiments of the invention do not prevent illegal use on copying by a 
knowledgeable, determined person. However, they have the advantage of providing an inexpensive easily 20 
implemented means of making unauthorized use or copying very difficult, yet which makes authorized use or 
copying easy. 
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1 A method of controlling the use and replication of diskette software contents and the like on 
unauthonzed diskette-driven computing systems, said method comprising the steps of: 30 

placing a first ID code in a preselected computing system; 

associating a second ID code with a source of programming software for said computing system ; 
placing said second ID number on a diskette bearing a program obtained from said source, said program 
including an execution non-compliance feature; 

deriving a first check number through encryption of one of said ID numbers by the other of said ID 
numbers; 

placing said check number on said diskette; and 

upon access of said diskette by any computing system, deriving a second check number through said 
encryption based upon said second ID number on said diskette and an ID number in said accessing 40 
computing system, comparing said second with said first check number, and bypassing the 
non-compliance feature in the event of a match. 

2. A method as claimed in Claim 1 wherein said second ID and said first check number are placed in said 
diskette when said program is installed in said computing system. ' - - 

3. A method as claimed in Claim 1 or Claim 2 wherein said access includes execution of said program. 45 

4. A method as claimed in Claim 1 wherein said access includes copying of said program to a second 
diskette. 

5. A method as claimed in Claim 1 wherein said step of placing said check number includes writing said 
check number to a predetermined storage area on said diskette, said predetermined storage area 
including storage space for a plurality of check numbers, and said step of comparing includes comparing 50 
said second check number with a check number in said storage area. 

6. A data processing system for authorizing use of diskette software contents on authorized computing 
systems, comprising: 

a diskette for storing application programs ; 55 
a first computing system for entering software on said diskette, and including a first ID code identifying 
said first, and a secure list of ID codes identifying CPUs authorized to execute said software; 
an encryption modality in said software for generating a first check number based upon an ID code from 
said list, said first check number being written onto said diskette with said software by said first 
computing system; ^ 
a second computing system with a CPU for receiving said diskette and executing said software, said 
second computing system including a second ID code identifying its CPU ; 

encryption means executable on said first and second computing systems for generating a first check 
number based upon public-key encryption of said first ID code and a second ID drawn from said list, said 
first check number being written onto said diskette with said software, and for generating a second check 65 
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© The copy protection of personal computer (PC) 
software distributed on diskettes is assisted by pro- 
viding a unique identification (ID) stored in read only 
memory (ROM) of a personal computer in which 
software on a diskette is to be used. This ID is 
accessible to the user of the computer. A vendor 
who wishes to protect his diskette-distributed soft- 
ware from illegal copying or use provides a source 
ID on the diskette. The personal computer ID is used 
with the source ID on the distributed diskette to 
produce an encoded check word, using any avail- 
able encryption modality. The check word is gen- 
erated and written onto the distributed diskette dur- 
ing installation and copied onto all backup versions 
made by the user's personal computer. Prior to each 
use of the program, the software on the diskette 
uses the personal computer and the source IDs and 
check word to verify that the software is being used 
on the same personal computer on which It was 
installed. 
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@ A method of controlling the use of computer programs. 

@ The copy protection of personal computer (PC) software 
distributed on diskettes is assisted by providing a unique 
identification (ID) stored in read only memory (ROM) of a 
personal computer in which software on a diskette is to be 
used. This ID is accessible to the user of the computer. A 
vendor who wishes to protect his diskette-distributed software 
from illegal copying or use provides a source ID on the diskette. 
The personal computer ID is used with the source ID on the 
distributed diskette to produce an encoded check word, using 
any available encryption modality. The check word is generated 
and written onto the distributed diskette during installation and 
copied onto all backup versions made by the user's personal 
computer. Prior to each use of the program, the software on the 
diskette uses the personal computer and the source IDs and 
check word to verify that the software is being used on the 
same personal computer on which it was installed. 
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installed in the personal computer wherein the identified CPU is located. The product of the encryption is a 
check number placed on the diskette and used to qualify a check number generated by the encryption 
modality each time the software is executed or copied. If execution or copying is attempted through a CPU 
different from the one on which the software was originally installed, the check number placed on the diskette 
at installation will, in all likelihood, not match that produced by the encryption modality in response to the SID 5 
on the diskette and the Identification of the other CPU. If the check number generated does not match the 
stored one, an evasion process is invoked which prevents user copying of the software on the unauthorized 
machine. 

The invention is expressed as a method of controlling the use and replication of diskette software contents 
and the like on unauthorized diskette-driven computing systems: The method includes placing a first 10 
identification (ID) code in a preselected computing system and then associating a second identification (ID) 
code with a source of programming software for the computing system. Next, the second ID code is placed on 
a diskette having a program obtained from the programming source. A first check number is derived through 
encryption of one of the identification codes by the other of the identification codes, and the check number Is 
placed on the diskette. Thereafter, upon access of the diskette by any computing system ,~a second check 15 
number is derived through the encryption based upon the second identification code on the diskette and an 
identification code in the accessing computing system and the second check number is compared with the 
first check number. If the two check numbers are identical, execution or copying of the software proceeds. 
This method contemplates the provision of execution evasion and copy protect features embedded in the 
software on the diskette and bypassing the features in the event that the two check numbers match. 20 

The invention is expressed also as a system for authorizing the use or replication of diskette software 
contents on selected computing systems, the system including a diskette containing a software program, a 
source identification (SID) code on the diskette associated with and identifying the source of the software, and 
a computing system for receiving the diskette and including at least one CPU having an embedded CPU 
identification (CPUID) code associated with and identifying that CPU. A programming modality is provided in 25 
the software which is executable on the CPU and which generates a check number through encryption of one 
of the ID codes by the other of the ID codes and uses the check number to prevent the execution or copying of 
the software on a CPU other than the identified one. 

The system affords site licensing of the software on the diskette by including a check storage area on the 
diskette for receiving a plurality of check numbers, each generated by the programming modality in response 30 
to the SID and a CPUID from a respective one of a plurality of authorized CPUs operating in the computer 
system. The site licensing embodiment also includes provision in the programming modality for using the 
check numbers in the check storage area to prevent execution or copying of the software by an unauthorized 
CPU. 

According to the invention, there is provided a method of controlling the use and replication of diskette 35 
software contents and the like on unauthorized diskette-driven computing systems, said method comprising 
the steps of: 

placing a first ID code in a preselected computing system; 

associating a second ID code with a source of programming software for said computing system; 40 
placing said second ID number on a diskette bearing a program obtained from said source, said program 
including an execution non-compliance feature; 

deriving a first check number through encryption of one of said ID numbers by the other of said ID numbers; 
placing said check number on said diskette; and ... 

upon access of said diskette by any computing system, deriving a second check number through said 45 
encryption based upon said second ID number on said diskette and an ID number in said accessing computing 
system, comparing said second with said first check number, and bypassing the non-compliance feature in the 
event of a match. 

In order that the invention may be fully understood, a preferred embodiment thereof will now be described 
with reference to the accompanying drawings in which: so 
Figure 1 illustrates the components of the invention in their application context. 

Figure 2 illustrates in greater detail the interconnection of a personal computer with a disk driver in 
which is inserted a disk configured for practicing the invention. 

Figure 3 is a flow diagram illustrating the practice of the method of the invention during the initial 
installation routine contained in the software of the diskette of Figures 1 and 2. 55 

Figure 4 is a flow diagram illustrating the method of the invention practiced during a legal execution of 
software installed according to Figure 3. 

Figure 5 is a flow diagram fragment illustrating the method of the invention during copying of the 
diskette of Figures 1 and 2. 

Figure 6 is a representation of a CPUID. 60 

Figure 7 illustrates an alternative embodiment of the invention. 
Giving reference to Figure 1, a description of the environment in which the invention is to be utilized is now 
presented. The invention is executable upon a combination including a personal computer (PC) 10 and a 
magnetic disk ("diskette") 12. The personal computer can be from any vendor, for example, it can comprise 
one selected from any of the PC series available from International Business Machines Corporation, Armonk, 65 
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further asserted that the CPUID is located in a standard location whose address is the same from one personal 
computer to the next. Last, the address of the CPUID 36 is known to the ENCRYPT module 32. It is 
contemplated that the CPUID would be generated, placed in ROM, and installed in the PC 10 by the 
manufacturer of the PC. 

As specified, the ENCRYPT module 32 is a process automatically called by the INSTALL and INITIALIZE 5 
modules during their executions. Figure 2 symbolically illustrates the ENCRYPT module 32 being performed by 
the CPU 14. When executed, the ENCRYPT module obtains the CPUID 36 from its addressable location in the 
PC 10 and obtains the SID 28 from its addressable location on the diskette 12. When obtaining the CPUID, the 
ENCRYPT module employs a conventional validity checking modality to ascertain whether the CPUID meets 
the pre-established validity requirements. In the discussion following, ft is presumed that the CPUID is valid; if w 
not, the evasion and/or protection features described below can be implemented. The SID 28 is obtained by a 
standard READ function in the PC 10. The CPUID 36 and SID 28 are subjected to the encryption algorithm 
embodied in the ENCRYPT module 32 to produce a check number, or code (CHK). If the ENCRYPT module 32 
is called by the INSTALL module 21 , the positive exit is taken from the decision 40 and the WRITE function 42 is 
called to write CHK into the first available spot in the CHKSTOR sector 30 of the disk 12. In Figure 2, a check is 
number is entered in location 44 of CHKSTOR 30. Alternatively, if the ENCRYPT module 32 is called by the 
INITIALIZE routine 22, the READ function 38 is invoked to obtain CHK from location 44 on the disk 12 whence it 
is provided to a COMPARE function 46 embedded in the ENCRYPT module 32. In addition, the check number 
generated by the ENGRYPT module 32, instead of being written to CHKSTOR on the diskette 12, is also 
provided to the COMPARE function 46. The COMPARE function 46 is a conventional procedure used to 20 
determine whether the check number generated by the ENCRYPT module 32 is identical with CHK 44. If the 
output of the ENCRYPT function 32 does not compare with the check number 44, the output of the COMPARE 
function 46 indicates such a disparity and is used to invoke the COPY PROTECT module 26 or an EVASION 
step built into the INSTALL and INITIALIZE modules. 

Referring now to Figures 3-5 and Tables l-lll, the operation of the invention and its method embodiment will 25 
be explained. The method is executable during the three major phases of software operation listed in Table I. 
Thus, the method is invoked by the INSTALL module 21 when the diskette 12 is loaded into the PC 10 for 
establishing or changing global operating parameters of the PC. The method is also operated whenever the 
diskette 12 is inserted into the disk driver 18 for execution of the APPLICATION module 24 or whenever the 
diskette 12 is inserted into the disk driver 18 for the purpose of copying the software 20 to another diskette 30 
through invocation of the COPY command of the PC 10. 
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TABLE I 



INSTALL 

EXECUTE APPLICATION 
copy 



TABLE II 
SffiLL PROCEDURE 
DO INSTALL 

SO ENCRSTPT 

IF NOT INITIALIZES 

WRITE CHK TO CHKSTOR ' 
50 TO CONTINUE INSTALL 
ELSE 

XE MCF AND CHKSTOR Is NOT FULL, 
THEN, ' 

IF CHK EQUALS A CIDf tm ~~ 
mov , a * CHK IN CHKSTOR 

CONTINDE INSTALL 

ELSE 

"RITE CHK IN CHKSTOR 

GO TO CONTINDE INSTALL 
END 
ELSE, 
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IF CHKSTOR IS FULL 
THEN, 

EVADE EXECUTION 
ELSE, 

IF CHK DOES NOT EQUAL CHK 

IN CHKSTOR 

THEN 

EVADE EXECUTION" 
ELSE 

GO TO CONTINUE INSTALL 
END 

CONTINUE INSTALL 
END 



TABLE III 

EXECUTE APPLICATION 

DO INITIALIZE 

DO ENCRYPT 

IF CHK DOES NOT EQUAL CHK 
THEN, EVADE EXECUTING 
ELSE CONTINUE INITIALIZE 

END 

CALL APPLICATION 
END 
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CCPU and has a secure identification (CCPUID). Thus, in Figure 7, the command post computer 50 has 
embedded in it the secure CCPUID 52 and stores a secure list of field CPUIDs 54. A public-key encryption 
modality 56 encrypts the CCPUID with a selected FCPUID to generate a check number CHKNO which is placed 
on a diskette 58 at position 59. In addition, orders in encrypted form are written to the diskette 58 using the 
public-key process, and the diskette is then carried to a tactical field post having a field CPU 70. 5 

The diskette 58 is plugged into the field CPU 70. where a routine similar to the INITIALIZE routine of Figure 4 
Is performed. In this routine, installation of the diskette 58 in the CPU 70 invokes a public-key decryption 
process 72 which is the inverse of the encryption process 56. The decryption process 72 can be included in the 
software on the diskette 58. The FCPUID 74 of the field CPU 70 and a public-key 76, which is known to the 
operator of the CPU 70, are fed to the decryption process which operates conventionally to decrypt the orders 10 
in encrypted form on the diskette 58. H the FCPUID of the CPU 70 matches the FCPUID used to encrypt the 
orders on the diskette 58. the decryption process will produce a clear text of the command post orders. 
Otherwise, either no action is taken to decrypt the software, or protective action to destroy or alter the 
software is undertaken. In this manner, orders can be transmitted using a relatively simple and straightforward 
scheme to protect the orders by a first level of encryption in which a known password or key and a secret is 
password (the FCPUID) are provided to unlock access to the orders only in the event that the recipient of the 
physical embodiment of the orders (the diskette) can generate a key or password identical with the one on the 
diskette. 

It should be evident that the embodiments of the invention do not prevent illegal use on copying by a 
knowledgeable, determined person. However, they have the advantage of providing an inexpensive, easily 20 
implemented means of making unauthorized use or copying very difficult, yet which makes authorized use or 
copying easy. 



Claims 



1. A method of controlling the use and replication of diskette software contents and the like on 
unauthorized diskette-driven computing systems, said method comprising the steps of: 30 

placing a first ID code in a preselected computing system; 

associating a second ID code with a source of programming software for said computing system; 
placing said second ID number on a diskette bearing a program obtained from said source, said program 
including an execution non-compliance feature; 35 
deriving a first check number through encryption of one of said ID numbers by the other of said ID 
numbers; 

placing said check number on said diskette; and 

upon access of said diskette by any computing system, deriving a second check number through said 
encryption based upon said second ID number on said diskette and an ID number in said accessing 40 
computing system, comparing said second with said first check number, and bypassing the 
non-compliance feature in the event of a match. 

2. A method as claimed in Claim 1 wherein said second ID and said first check number are placed in said 
diskette when said program is installed in said computing system. - - - - 

3. A method as claimed in Claim 1 or Claim 2 wherein said access includes execution of said program. 45 

4. A method as claimed in Claim 1 wherein said access includes copying of said program to a second 
diskette. 

5. A method as claimed in Claim 1 wherein said step of placing said check number includes writing said 
check number to a predetermined storage area on said diskette, said predetermined storage area 
including storage space for a plurality of check numbers, and said step of comparing includes comparing 50 
said second check number with a check number in said storage area. 

6. A data processing system for authorizing use of diskette software contents on authorized computing 
systems, comprising: 

a diskette for storing application programs; 55 
a first computing system for entering software on said diskette, and including a first ID code identifying 
said first, and a secure list of ID codes identifying CPUs authorized to execute said software ; 
an encryption modality in said software for generating a first check number based upon an ID code from 
said list, said first check number being written onto said diskette with said software by said first 
computing system; 60 
a second computing system with a CPU for receiving said diskette and executing said software, said 
second computing system including a second ID code identifying its CPU; 

encryption means executable on said first and second computing systems for generating a first check 
number based upon public-key encryption of said first ID code and a second ID drawn from said list, said 
first check number being written onto said diskette with said software, and for generating a second check 65 
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